Use as library in Play? #1
Adding playframework/playframework#7072 as play issue tracker
Hi Will, Yes, I would love to see this idea become part of Play. There are a few things to think about for now:
I have not figured this out completely yet. (When time rolls over to renew cert for first time I guess I will figure it out.) The thing is, from docs I kind of gather they give you new cert, you replace the old cert in your keystore, and you are good to go (possibly after restarting the server). But is that really so? Won't the browsers start complaining about cert suddenly being different? Was there some sort of chaining scheme required, where the new cert is somehow added on to previous cert? I don't completely get this, but probably will need to read up on what exactly Certbot does, and how exactly browsers handle it.
3.1) JOSE/JWT library for signing ACME requests. The JWT signing of JSON is fairly straightforward, in fact it can be implemented as a couple of methods (Base64 + BouncyCastle), and the Nimbus library I used is somewhat overkill - it tries to be everything for everybody. We just need the subset that is required to talk to ACME. Maybe there is a smaller lib that Play officially prefers that can do JWT?
3.2) Probably will require Bouncy Castle for crypto. (But isn't that a default anyway already.)
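The "couple of methods" idea from the comment above, as an added sketch that is not code from this project or from Play: it signs one ACME request body with RS256 using only the JDK's built-in `java.security` provider in place of Bouncy Castle or Nimbus. The flattened JWS layout with `jwk`, `nonce` and `url` in the protected header follows RFC 8555, which is an assumption because the thread does not name a protocol version; the class name, URL, nonce and payload are constructed.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;

public class AcmeJwsSketch {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String b64(byte[] raw) { return B64URL.encodeToString(raw); }
    static String b64(String s) { return b64(s.getBytes(StandardCharsets.UTF_8)); }

    // JWK integers are unsigned big-endian; toByteArray() may prepend a 0x00 sign byte.
    static byte[] unsigned(BigInteger v) {
        byte[] b = v.toByteArray();
        return (b.length > 1 && b[0] == 0) ? Arrays.copyOfRange(b, 1, b.length) : b;
    }

    // Public account key as a JWK, members in lexicographic order.
    static String jwk(RSAPublicKey pub) {
        return "{\"e\":\"" + b64(unsigned(pub.getPublicExponent()))
             + "\",\"kty\":\"RSA\",\"n\":\"" + b64(unsigned(pub.getModulus())) + "\"}";
    }

    // Flattened JWS JSON serialization; the signature covers "<protected>.<payload>".
    // nonce and url are inserted unescaped: fine for base64url nonces and plain URLs only.
    static String sign(KeyPair account, String url, String nonce, String payloadJson)
            throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"jwk\":" + jwk((RSAPublicKey) account.getPublic())
                + ",\"nonce\":\"" + nonce + "\",\"url\":\"" + url + "\"}";
        String prot = b64(header), payload = b64(payloadJson);
        Signature rsa = Signature.getInstance("SHA256withRSA");
        rsa.initSign(account.getPrivate());
        rsa.update((prot + "." + payload).getBytes(StandardCharsets.US_ASCII));
        return "{\"protected\":\"" + prot + "\",\"payload\":\"" + payload
                + "\",\"signature\":\"" + b64(rsa.sign()) + "\"}";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair account = gen.generateKeyPair();   // throwaway key, generated for this demo
        // Constructed sample values: URL, nonce and payload are placeholders.
        System.out.println(sign(account, "https://acme.example/new-account",
                "constructed-nonce-0001", "{\"termsOfServiceAgreed\":true}"));
    }
}
```

A real client would take the nonce from the server's `Replay-Nonce` header and persist the account key in a keystore rather than generating one per run.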
I am addressing JWT support through playframework/playframework#7053 for session cookies, since that is the library with the most minimal library dependency footprint.
Hi Valters,
Really like what you've done with the set up -- would you be able to generalize this into Play itself, so that Play applications could use https automatically as a sample project? What do you think would be the best way to set up a Play application?
Ideally we'd put this into the starters and seeds at Play: https://playframework.com/download#seeds so it could be something that people could disable as need be, but would be "secure by default".